Importance of Internal Controls in Corporate Governance
Corporate governance sounds complicated and dry, and it certainly can be. But there's a lot to learn from corporate governance to keep your own business from running out of control. Small businesses typically won’t have a vast corporate governance structure, but small business owners can benefit from looking at the ways corporations govern themselves and incorporate those principles into their businesses.
Businesses of all sizes can benefit from establishing internal controls.
Corporate governance refers to how a corporation ensures it makes ethical decisions that reflect the needs of all parties involved, including employees, customers and shareholders. Today’s corporations are often transparent about their internal governance structure, posting it online for review by shareholders, customers and other interested parties.
Companies develop their corporate governance structures to comply with applicable laws. For example, the Sarbanes-Oxley Act of 2002 was passed in the wake of the Enron scandal. It strengthened corporate governance laws that were already in place and made new additions. The act requires senior officers to sign off on financial statements and for firms to establish internal controls.
Each corporate scandal that hits the news reinforces the importance of corporate governance. While it would be nice to think that companies would choose to do the right thing by its shareholders and customers, experience shows that that doesn’t always happen.
The WorldCom scandal is just one example. This scandal happened just after the Enron scandal, and it resulted in one of the biggest bankruptcies in U.S. history. The Enron scandal involved creative, complex accounting that was anything but transparent. The WorldCom scandal was simpler: WorldCom grew during the dotcom bubble, and when the bubble burst, the company hid its losses by recording expenses as investments.
The CEO was sentenced to 25 years in prison and its CFO received a five-year sentence after pleading guilty and cooperating with authorities. This shows that poor corporate governance is short-sighted and potentially criminal. Good corporate governance reassures stakeholders that companies are doing the right thing.
Internal controls are the practical aspects of corporate governance. They are the policies and procedures that a firm uses to ensure compliance with its own moral code. The goals of internal corporate governance controls typically include:
- Safeguarding assets. Internal controls are put in place to help prevent asset loss due to mistakes or fraud.
- Minimizing errors. People inevitably make mistakes. Internal controls ensure that financial information is carefully reviewed to reduce errors.
- Promoting efficiency. Internal controls can take time, which has the potential to lower efficiency. Internal controls can also prevent mistakes, though, which improves efficiency in the long run.
- Minimizing risk. Internal control procedures may include regular risk assessments to find areas where inaccuracies are occurring and improve those areas.
To meet these goals, a company may engage in several internal control activities which fall into two broad categories:
- Preventative: As the name indicates, preventative control activities are designed to keep fraud and mistakes from occurring in the first place.
- Detective: These activities help uncover errors that weren’t caught by preventative measures.
Governance arrangements and internal control mechanisms vary from company to company. Typical internal control activities include:
- Authorization. Authorization refers to ensuring the appropriate parties approve transactions. For example, purchases above a specific dollar amount might require authorization from a department head.
- Documentation. Documentation refers to keeping a record of a transaction. For example, when an invoice is paid, you would keep documentation of your payment, such as a receipt or a bank statement.
- Reconciliation. Reconciliation involves comparing transactions to documentation and resolving any issues.
- Security. Security can include physical security measures, cybersecurity measures and procedural security measures, such as ensuring multiple parties sign off on significant transactions.
- Separation of duties. Transactions involve several steps. Separation of duties refers to not allowing a single individual to complete all the steps in a transaction. For example, one person might record a transaction, another might authorize it and another person would reconcile it.
Of course, even the best internal control activities can’t prevent every mistake. An effective internal control framework will minimize errors, though.
Audits look at a company’s controls and corporate governance to ensure everything is working as it’s supposed to. If an audit uncovers issues, the auditors make recommendations for resolving those issues. External audits are conducted by a neutral third party. Internal audits are done by board members or other stakeholders in an organization to uncover issues before an external audit.
Internal audits can take place on any schedule that ensures procedures are being followed. Some departments might have weekly audits, while others might have quarterly or semi-annual audits. Internal audits are an essential part of ensuring corporate governance directives and internal controls are being followed.
Internal control activities ensure that companies adhere to corporate governance guidelines. Corporate governance sets the standards and recommends procedures; internal controls ensure those procedures are being followed. Internal controls also ensure there is an audit trail that can be retraced during internal and external audits.
For example, if an internal audit found a difference of a few thousand dollars, an internal auditor could retrace each step of recent transactions to find when the funds went missing. If it was an error, it can be corrected, and if it was theft, more severe measures can be taken.
Money and information have a clear path through a company with good internal controls, and that path can be easily retraced. This allows shareholders to feel confident about their investments and customers to feel confident about any goods or services they’ve purchased. Companies can show proof of good corporate governance.
Small businesses may not have the same level of complexity when it comes to internal controls, but they still play an essential role. Small companies are just as vulnerable to fraud and mistakes as larger ones, and it can be harder for small businesses to recover. Small business owners should consider what internal controls they currently use and how they can be improved.
For example, if you own a store, how is cash handled? Does someone double-check drawers after they’re counted? Do you have someone to review and reconcile your accounting regularly? How are issues documented and managed? Inventory, security and your business’s finances all should have internal controls.
Corporate governance can also provide an example for small businesses to emulate. For example, corporations have a board of directors to provide direction. While you might not need a full board, bringing together advisors from inside and outside of your business can help you find successes to build on as well as areas for improvement. They can provide valuable advice and a fresh perspective on your business and its future.